The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.
Tuxedo contains a flaw that may allow a malicious user to gain access to unauthorized services. The issue is triggered when specified authorization checks for remote services are ignored in outgoing requests and not performed by Tuxedo Domain gateways. This flaw may lead to a loss of confidentiality.
Upgrade to patch level 21 or later, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.